Job Closed
This listing is no longer active.
DigitalOcean is the Inference Cloud — a full-stack, production-ready cloud platform built to run AI applications with predictable performance, sustainable economics, and radically simpler operations at scale. We are built for teams turning AI into real products — not just training models. Our advantage is not fewer features, but fewer failure modes when operating AI at scale — combining minimal operational overhead, predictable cost efficiency, and a full-stack cloud that works as a system. Hyperscalers are broad by design. Neoclouds are infrastructure-first. DigitalOcean is inference-first — with a real cloud underneath. It combines inference-optimized compute, managed inference software, and integrated cloud capabilities that reduce operational burden for teams running real workloads. Inference is the foundation—not the boundary. Everything else builds on top of it.
Staff Product Security Engineer
Location
United States
Posted
51 days ago
Salary
$170K - $200K / year
Seniority
Senior
Job Description
Staff Product Security Engineer
DigitalOcean
Dive in and do the best work of your career at DigitalOcean. Journey alongside a strong community of top talent who are relentless in their drive to build the simplest scalable cloud. If you have a growth mindset, naturally like to think big and bold, and are energized by the fast-paced environment of a true industry disruptor, you’ll find your place here. We value winning together—while learning, having fun, and making a profound difference for the dreamers and builders in the world. We’re looking for a Staff Product Security Engineer who is passionate about partnering with engineers to assess the security risk of new products and features and build secure-by-default paved roads.As a member of the Product Security team, you will report to the Senior Manager of Product Security. Our mission is to minimize security risk while maximizing business velocity. This staff engineer will help oversee the strategic functions of two Product Security teams: Secure Design and Security Platform. Our Secure Design team enables DigitalOcean to build secure-by-design products. We leverage strong relationships with both product teams and the rest of security engineering to be successful. Our scope is primarily focused on reviewing early-stage decisions, helping develop threat models, scaling impact via automation, curating security patterns, authoring security guidance, training, and championing security initiatives. Our Security Platform team secures the development and environment of our engineers and production services. We achieve this by implementing controls that layer security into the groundwork of our engineering infrastructure, streamlining implementations, and measuring effectiveness. We help build the platform that ensures software development at DigitalOcean is safe, easy, and low-risk. You will collaborate with other security teams and the rest of DigitalOcean to guide secure architecture design, reduce security risk in the organization, and empower engineers to make informed security decisions. Security at DO means solving incredibly complex problems at a high-scale that have real impact for our customers, our products, and the larger internet community. What You’ll do:Threat model application designs and solutions and provide security risk assessments (60%) - Provide deep technical expertise in software and network architecture during holistic assessments of security layers across infrastructure, application, people, and process. - Collaborate with product managers, designers, and engineers to threat model and architect secure and resilient systems. - Identify the trade-offs of different solutions and recommend the efficient design to achieve both functional goals and security requirements. - Provide hands-on remediation guidance to development teams. Build secure-by-default guardrails for engineers (30%) - Design and build internal tooling to provide engineering teams with secure-by-default configurations and libraries. - Write robust, resilient, and maintainable software, primarily in Go and Python. You may sometimes work on a frontend. - We do not believe in Security Obstructionism and carefully integrate a small number of vendor tools into our development pipelines. You will help drive the successful integration of these tools as well as build security initiatives around their data that empower engineers rather than add friction or blocking gates. - Prioritize the user experience (our customers are internal dev teams) to ensure security’s libraries and services are the easiest, fastest way to get work done. Cultivate and promote a security culture (10%) - Champion an internal security culture (developer training, internal CTFs, etc.). - Mentor software engineering teams in security best practices. - Help oversee our vulnerability management program (we call it security debt). - Help DigitalOcean engineers understand how security events impact them. Do they need to worry about the next Log4j CVE? How does RetBleed impact DigitalOcean’s fleet? What You’ll add to DigitalOcean:Required qualifications: - Experience leading architectural changes or complex cross team efforts to mitigate security vulnerabilities. - Ability to clearly communicate security topics and vulnerability classes (e.g. OWASP Top Ten) and ability to provide actionable direction to product teams. - A record of partnering with internal engineering teams to tackle security problems across an entire stack with empathy and creativity. Engineering teams are our partners, not our adversaries. - Strong knowledge of modern development concepts (virtualized environments, containerization, continuous integration + delivery). Preferred qualifications: - 6+ years experience guiding software teams on secure architecture design. - 5+ years of experience in software engineering projects, ideally with a security focus. We primarily develop in Go, Python, and JavaScript. You are comfortable writing robust code with good test coverage and can point to specific examples of projects you’ve successfully delivered in the past. - Experience building or reviewing threat models and ability to craft malicious user, attacker, and abuse/misuse cases. - Working knowledge of hardware and software supply chain security. - Familiarity with technologies such as gRPC, Docker, Prometheus, Kubernetes, HashiCorp Vault, and GitHub Actions. Compensation Range: - $170,000-$200,000 *This is a remote role JR: 2026-7647 #LI-Remote Why You’ll Like Working for DigitalOcean - We innovate with purpose. You’ll be a part of a cutting-edge technology company with an upward trajectory, who are proud to simplify cloud and AI so builders can spend more time creating software that changes the world. As a member of the team, you will be a Shark who thinks big, bold, and scrappy, like an owner with a bias for action and a powerful sense of responsibility for customers, products, employees, and decisions. - We prioritize career development. At DO, you’ll do the best work of your career. You will work with some of the smartest and most interesting people in the industry. We are a high-performance organization that will always challenge you to think big. Our organizational development team will provide you with resources to ensure you keep growing. We provide employees with reimbursement for relevant conferences, training, and education. All employees have access to LinkedIn Learning's 10,000+ courses to support their continued growth and development. - We care about your well-being. Regardless of your location, we will provide you with a competitive array of benefits to support you from our Employee Assistance Program to Local Employee Meetups to flexible time off policy, to name a few. While the philosophy around our benefits is the same worldwide, specific benefits may vary based on local regulations and preferences. - We reward our employees. The salary range for this position is based on market data, relevant years of experience, and skills. You may qualify for a bonus in addition to base salary; bonus amounts are determined based on company and individual performance. We also provide equity compensation to eligible employees, including equity grants upon hire and the option to participate in our Employee Stock Purchase Program. - DigitalOcean is an equal-opportunity employer. We do not discriminate on the basis of race, religion, color, ancestry, national origin, caste, sex, sexual orientation, gender, gender identity or expression, age, disability, medical condition, pregnancy, genetic makeup, marital status, or military service. Application Limit: You may apply to a maximum of 3 positions within any 180-day period. This policy promotes better role-candidate matching and encourages thoughtful applications where your qualifications align most strongly.
Benefits
- 401(K), 401(K) matching, Company equity, Company-sponsored outings, Continuing education stipend, Customized development tracks, Dental insurance, Disability insurance, Volunteer in local community, Employee stock purchase plan, Family medical leave, Fitness stipend, Flexible Spending Account (FSA), Flexible work schedule, Generous parental leave, Generous PTO, Company-sponsored happy hours, Health insurance, Job training & conferences, Open door policy, Life insurance, Charitable contribution matching, Paid volunteer time, Online course subscriptions available, Open office floor plan, Paid holidays, Paid industry certifications, Paid sick days, Onsite office parking, Performance bonus, Pet insurance, Promote from within, Lunch and learns, Remote work program, Return-to-work program post parental leave, Free snacks and drinks, Team based strategic planning, Tuition reimbursement, Mandated unconscious bias training, Unlimited vacation policy, Vision insurance, Wellness programs, Mental health benefits, Home-office stipend for remote employees, Diversity employee resource groups, Hiring practices that promote diversity, Employee resource groups, Employee-led culture committees, Quarterly engagement surveys, Hybrid work model, In-person all-hands meetings, Employee awards, Flexible time off, Bereavement leave benefits
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
• Develop and enforce comprehensive security policies, rule sets, and zone segmentation aligned with Zero Trust principles. • Act as the top-tier subject matter expert for all security engineering, configuration, and troubleshooting. • Ensure alignment with federal Cybersecurity Maturity Model (CMMC2) / NIST 800-171 framework, as it relates across all security architectures, policies, and procedures. • As directed by leadership, implement STIGs and other security baselines to corporate systems, architecture, and applications. • In association with the Network Engineer, design, implement, and maintain firewalls. • In association with the Network Engineer, develop and enforce security policies for corporate IT, OT, and guest wireless networks, ensuring proper segmentation, secure authentication protocols, and encryption methods are in place. • Architect and optimize secure remote access solutions, utilizing Cisco ISE or similar enterprise VPN technologies, ensuring least privilege and multi-factor authentication (MFA) are implemented properly. • Lead the design, tuning, and integration of device logs into an enterprise SIEM. • Develop advanced correlation rules, alerts, dashboards, and reporting mechanisms to identify, prioritize, and track security threats and anomalies. • Conduct post-incident reviews to identify architectural gaps and define security enhancements. • Create and maintain and collaborate on enterprise-wide security standards, control baselines, and reference architectures. • In association with the ISSM, develop, maintain, and test an Incident Response Plan and playbooks. • In association with the ISSM, conduct regular security assessments and define remediation strategies to address control deficiencies.
• Act as a subject matter expert for Microsoft security, compliance, identity, and management when engaging with our clients. • Particular focus in Purview, for which you will be an SME. • Lead customer engagements, covering scoping, demonstrations, design, development, implementation, and customization of Microsoft solutions. • Collaborate with the Practice Lead and Data Security & Governance Lead to craft new solutions, engagements, software, tools, and commercial + marketing opportunities leveraging the Microsoft portfolio. • Evaluate, deploy, and advise customers regarding Microsoft security capabilities, practices, and tools, providing insightful assessments. • Present advisory services, technical demonstrations, and pre through to post sales materials. • Contribute to security reviews and gap analyses. • Maintain a proficient understanding of comparable security technologies.
Company Overview At Motorola Solutions, we believe that everything starts with our people. We’re a global close-knit community, united by the relentless pursuit to help keep people safer everywhere. We build and connect technologies to help protect people, property and places. Our solutions foster the collaboration that’s critical for safer communities, safer schools, safer hospitals, safer businesses, and ultimately, safer nations. Connect with a career that matters, and help us build a safer future. Department Overview The Senior Software Security Engineer will be responsible for analysing software designs and implementations from a security perspective, identifying and proposing remediations to security issues throughout the software development lifecycle (SDLC). Job Description This role is mainly remote. Responsibilities Security Design and Implementation - Perform threat modelling, risk assessments, and architecture reviews to identify and mitigate risk. - Support the engineering teams on definition on detailed security requirements to meet compliance requirements and industry best practices. - Perform security code reviews looking for potential security vulnerabilities. - Act as a subject matter expert to advise and answer questions from engineering and compliance teams on technical product security matters. - Security Testing - Define and oversee the deployment of Software Composition Analysis (SCA) tools to compile SBOMs of software components, helping to identify known vulnerabilities and license compliance violations. - Define and oversee the deployment of automated security testing tools into CI pipelines, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Secret Detection scanning tools. - Manual penetration testing of web applications (backend and frontend).Manual penetration testing skills in the domains of cloud infrastructure, embedded/OS or mobile are desirable. - Write custom scripts or unit test cases to check for vulnerabilities or broken/missing security controls. - Recommend improvements to existing security scanning tools and processes, and propose new ones. Vulnerability Management - Periodically triage the findings from the automated security scanning tools. - Validate potential security vulnerabilities to determine whether they are actual true positives, or false positives (i.e. non-applicable) in the product context. Write proof of concept exploits when necessary to achieve this. - Assess the risk of vulnerabilities and threats in order to help the business determine their remediation priority order. - Communicate the identified security issues to engineering and compliance stakeholders, and manage them throughout the SDLC process to ensure they are properly addressed. SDLC and DevSecOps Integration - Establish and maintain secure coding standards, baseline product security requirements and more general best practices to provide guidance to development teams. - Assist the program area with implementing a secure Continuous Integration/Continuous Delivery (CI/CD) pipeline utilizing DevSecOps principles and practices to increase automation. - Implement automated security controls as part of CI/CD pipelines. Incident Response and Compliance - Support product security incident response processes, including root cause analysis (identify the affected product components, data, and the overall impact level) and definition of mitigation strategies. - Define clear criteria and protocols for security incident response. - Conduct post-incident analysis to compile lists of lessons learned, and measures to prevent similar incidents from reocurring, and refine response strategies. - Monitor emerging security threats, vulnerabilities, and trends to proactively investigate, remediate, and integrate new protections. - Ensure products comply with relevant security standards, certifications, and regulations (e.g., OWASP, NIST). Basic Requirements Required Qualifications Experience and Education - 5+ years of experience in Security Engineering with a focus on product security and/or application security. - Bachelor’s degree in Computer Science, Information Security, or a related technical field. Technical Skills - In-depth knowledge of Linux and Docker container-based infrastructures, including their orchestration (e.g. Kubernetes). - Working knowledge of techniques, standards, and state-of-the-art authentication and authorization technologies, applied cryptography, security vulnerabilities and remediations. - Significant software development experience. Experience in Go (our main backend language), Typescript/Javascript, C/C++, Python and Bash is desirable. - Working knowledge of web-related protocols and technologies (HTTP, REST APIs, DOM, CSP), networking protocols (IP, TCP, UDP), and security protocols (TLS). - Experience in performing threat modeling, with a good grasp of common threat vectors and frameworks. - Strong knowledge of security principles, best practices, and industry standards, such as NIST, ISO 27001, and CIS Critical Security Controls, OWASP ASVS and Testing Guides. - Familiarity with industry-standard security frameworks such as OWASP and NIST. - Experience with security tools such as SAST, DAST, IAST, and SCA. - Exceptional analytical and investigative skills, with hands-on experience in root cause analysis. - Knowledge of current and emerging threats and techniques for exploiting security vulnerabilities. - Experience with CI/CD pipeline, security tools integration, and secure SDLC. - Experience with cloud-based infrastructure (AWS, Azure, or Google Cloud), and on best practices on how to secure cloud environments. Desirable Qualifications Advanced Expertise - Familiarity with security considerations for AI/ML systems is desirable. - Understanding of distributed systems design, implementation and operation. - Understanding of privacy threats and controls, including on how to adapt generic best practices to specific scenarios in the product by providing detailed specifications to stakeholders. - Exploit development experience, and good understanding of the necessary conditions to trigger different vulnerability types, and the maximum impact achievable. - Experience with enterprise log collection and analysis platforms (e.g., Splunk, OSQuery). Education and Certifications - Master's degree or equivalent experience preferred. - Security certifications are a plus, including OSCP, OSEE, SANS/GIAC, CCSP, and CISSP. Soft Skills and Leadership - Excellent verbal and written communication, with the ability to translate complex security concepts to technical and non-technical stakeholders. - Demonstrated ability to design, document, and implement new security processes. - Experience in a high-growth technology environment or SaaS business. - Ability to remain calm under pressure, especially during incidents or audits. In return for your expertise, we’ll support you in this new challenge with coaching & development every step of the way. Also, to reward your hard work you’ll get: - Competitive salary and bonus schemes - Two weeks additional pay per year (holiday bonus). - 25 days holiday entitlement + bank holidays. - Attractive defined contribution pension scheme. - Private medical insurance. - Employee stock purchase plan. - Flexible working options. - Life assurance. - Enhanced maternity and paternity pay. - Career development support and wide ranging learning opportunities. - Employee health and wellbeing support EAP, wellbeing guidance etc. - Carbon neutral initiatives/goals. - Corporate social responsibility initiatives including support for volunteering days. - Well known companies discount scheme. #LI-KTB Travel Requirements Under 10% Relocation Provided None Position Type Experienced Referral Payment Plan Yes Company Motorola Solutions UK Limited EEO Statement Motorola Solutions is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion or belief, sex, sexual orientation, gender identity, national origin, disability, veteran status or any other legally-protected characteristic. We are proud of our people-first and community-focused culture, empowering every Motorolan to be their most authentic self and to do their best work to deliver on the promise of a safer world. If you’d like to join our team but feel that you don’t quite meet all of the preferred skills, we’d still love to hear why you think you’d be a great addition to our team.
• Defining complex security architectures that are necessary to integrate new entities when a merger or acquisition is complete, including leading various levels of technology resource through the decision-making process. • Analyzing and understanding the impact of regulation changes on security architecture, standards and policies, including making and communicating updates as needed. • Providing guidance and coaching to cybersecurity lead and senior architects and engineers, and providing overall technical expertise to the cybersecurity department and business stakeholders. • Researching, modeling, and tracking secure system standards, industry trends, market technology, potential threats, tactics, and procedures for ecosystem applicability and reference. • Developing formal management reporting dashboards aligned to widely accepted standards, including appropriate metrics that inform senior leadership as to the state of information security risk and exposure. • Effectively communicating risk and mitigation activities to all levels of the organization during incident or risk treatment actions, to inform critical decision-making and deliver risk reductions. • Identifying, quantifying, and documenting requirements to address security risks as they relate to IT and enterprise projects. • Recognizing and identifying potential areas where existing security policies and procedures require change, or where new ones need to be developed, especially regarding future business expansion. • Performing third-party security risk assessments, especially for cloud service providers and responding to third-party requests for information on CNO’s information security program/policies. • Ensuring that the organization is leveraging the proper technologies to meet SOX, PCI, and HIPAA/HITECH compliance requirements. • Serving as a subject matter expert for the incident lead during Incident Response activities. • Leading matrix working groups during Incident Response activities. • Supporting legal and Internal Audit activities and information gathering when needed, and effectively communicating complex security topics to these teams.
